On 09/04/2010 02:30 PM, Mike Williams wrote:
> On Sat, Sep 4, 2010 at 1:52 PM, Dominick Grift <domg472@xxxxxxxxx> wrote:
>
>> On Sat, Sep 04, 2010 at 01:24:33PM -0400, Mike Williams wrote:
>>>
>>> Any idea why one box out of three would behave differently? It is a
>>> worrisome difference.
>>
>> Audit does not use logrotate to rotate logs. I think it does that itself.
>> See /etc/audit/auditd.conf
>> Also the log can be rotated by running the auditd rc script: service auditd
>> rotate
>>
>>
> After lots of digging and, confirmed by your response, I now realize that
> logrotate is not being used. The cron file I mentioned uses the command you
> mentioned (service auditd rotate) to rotate the logs.
>
> I just compared /etc/auditd.conf and /etc/audit.rules on the system that was
> not rotating logs with one of the ones that has been rotating audit.log and
> they are identical.
>
> So, for me, my original question remains a puzzle. Why did it just work on
> two out of three boxes, but require adding a cron job to do "service auditd
> rotate" on the third? Murphy's Law is in force here, the system that
> has not been rotating the logs is the one that is the most important, at
> least in terms of the number of people who use it.
>
> Mainly I'm concerned about what will happen on the update to f14, since the
> misbehaving system is now fixed.
>
> Mike
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

I would ask on the audit list.
linux-audit@xxxxxxxxxx
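As an added example (not part of the thread and not code from the audit package): a shell check for the settings in /etc/audit/auditd.conf that decide whether auditd rotates its own log, meant to be run against a copy of the file from each box. The keys `max_log_file`, `max_log_file_action` and `num_logs` are auditd.conf settings that the thread itself does not name, the function names are hypothetical, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: does this auditd.conf tell auditd to rotate its own log?

# conf_value FILE KEY: print the value assigned to KEY (case-insensitive match).
# Assumption: if KEY appears more than once, the last assignment is used.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                     # skip comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t\r]/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }' "$1"
}

# rotation_status FILE: print a one-line verdict; return 0 only when the file
# asks for size-based rotation (max_log_file_action = ROTATE and num_logs >= 2).
rotation_status() {
    action=$(conf_value "$1" max_log_file_action | tr '[:lower:]' '[:upper:]')
    num_logs=$(conf_value "$1" num_logs)
    max_mb=$(conf_value "$1" max_log_file)
    case "$action" in
        ROTATE)
            if [ "${num_logs:-0}" -ge 2 ] 2>/dev/null; then
                echo "rotates: at ${max_mb:-?} MB, keeping $num_logs files"
                return 0
            fi
            echo "no-rotation: action is ROTATE but num_logs=${num_logs:-unset} (<2)"
            return 1 ;;
        "") echo "no-rotation: max_log_file_action not set"; return 1 ;;
        *)  echo "no-rotation: max_log_file_action=$action"; return 1 ;;
    esac
}

# Constructed sample configs standing in for copies taken from two boxes.
demo() {
    d=$(mktemp -d)
    printf 'max_log_file = 6\nnum_logs = 5\nmax_log_file_action = ROTATE\n' > "$d/box1.conf"
    printf 'max_log_file = 6\nnum_logs = 5\nmax_log_file_action = IGNORE\n' > "$d/box2.conf"
    for f in "$d"/*.conf; do
        printf '%s: ' "${f##*/}"
        rotation_status "$f" || true
    done
    rm -rf "$d"
}
demo
```

Running `rotation_status /etc/audit/auditd.conf` on each host gives one verdict line per box that can be compared directly.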